Catalyst 6500 & IOS 12.1(8b)E6 IP MLS is NOT enabled globally.
Our customer's 6509 complete with dual MSFC2s (WS-X6K-SUP2-2GE) plus PFC2s (WS-F6K-PFC2) do not appear to be destination flowing but rather flooding to all ports.
Only by adding mls rp ip to an interface did the MSFC suddenly append the following output to a sho mls rp:
number of domains configured for mls 1
vlan domain name: -null-
current ip flow mask: destination
ip current/next global purge: false/false
ip current/next purge count: 0/0
current ipx flow mask: destination
ipx current/next global purge: false/false
ipx current/next purge count: 0/0
current sequence number: 1832766134
current/maximum retry count: 0/10
current domain state: no-change
domain uptime: 01:12:21
keepalive timer expires in 0 seconds
retry timer not running
change timer not running
fcp subblock count = 1
0 management interface(s) currently defined:
1 mac-vlan(s) configured for multi-layer switching
1 mac-vlan(s) enabled for ip multi-layer switching:
0 mac-vlan(s) enabled for ipx multi-layer switching:
router currently aware of following 0 switch(es):
no switch id's currently exists in domain
I'm aware that the appropriate VTP domain will have to be configured per interface, but according to Kennedy Clark this is optional. A management interface will also be required.
If mls is globally activated then why must it be activated on the interface and be subsequently dependant upon VTP. I can appreciate the latter, but it's not well documented.
I cannot believe that these caveats have not already been uncovered by others, but I would like to CCO pointers to the appropriate configuration steps. Another customer running IOS 12.1(8b)E9 appears to mave a multi-tude of flows.
The very same msfc "show mls rp" also indicates that I'm using destination flow - despite the presence of extended access lists on the very same blade. Do I have to coerce the switch with an mls flow command to increase grannularity.
CCO states that "show ip [interface]" displays IP mls details. Am I missing something in the following output:
CHEL_003MSFC#sho ip int vlan 458
Vlan458 is up, line protocol is up
Internet address is 10.60.255.211/29
Broadcast address is 255.255.255.255
Address determined by non-volatile memory
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Multicast reserved groups joined: 188.8.131.52 184.108.40.206
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is disabled
IP Flow switching is disabled
IP CEF switching is enabled
IP Feature Fast switching turbo vector
IP Feature CEF switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
Re: Catalyst 6500 & IOS 12.1(8b)E6 IP MLS is NOT enabled globall
Did you configure the MSFC to act as an MLS-RP for an external switch? Do
you have a CAT5500 with an NFFC as an MLS-SE
The "show mls rp" command on the MSFC only displays information pertaining to EXTERNAL MLS, ie, using the MSFC as an external MLS-RP for a Catalyst 5000 w/NFFC or NFFC II running as an MLS-SE. In that case, all MLS
config on the MSFC is in relation to the external Cat5000, and will reflect the status and configuration of that MLS implementation. This is discussed in the
MLS on the Catalyst 6000 is internal and is enabled by default. The "show mls rp" command on the MSFC displays "NO" information pertaining to this internal MLS. To view the internal MLS status, enter the hidden command "show mls status" on the MSFC.
You can also type the following command on the switch side(NMP) for checking MLS operation.
This is actually a pretty cool feature, i didn't even know it existed until I was looking for a solution to advertise a subnet (prefix in BGP talk), only if a certain condition existed. This is exactly what conditional advertisements does
j ai une question j ai achete un routeur cisco 887VA-k9 , je le configuré avec la configuration ci- dessous
si je le lier avec mon pc portable sur l un de ses ports directement ça marche toute est bien ( la connexion internet + m...
Attached policy provides CLI access to the Cisco 4G router over text messaging. Two files are in the attached .tar file:
2. PDF with instructions on how to load and use the .tcl file.